Macy’s Data Breach Exposes Customers’ Credit Card Info

(CBS) — Macy’s says cyberthieves hacked the accounts of thousands of the retailer’s online customers, compromising people’s full names as well as their credit card numbers and expiration dates.

The attack, which occurred over roughly six weeks between the end of April and the beginning of June before being shut down, affected consumers registered on Macys.com or Bloomingdales.com.

Logins and passwords were taken from sites unrelated to the retailers and then used to access data on both sites.

“We are aware of a data security incident involving a small number of our customers,” a Macy’s spokesperson said in a statement to CBS MoneyWatch. “We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures.”

Customers potentially impacted by the breach have been notified and offered free consumer protection services, the retailer said.